Windows hackers target COVID-19 vaccine efforts

Hackers appear to be targeting vaccine researchers, manufacturers and the COVID-19 “cold chain” that will be used to keep the vaccine cold enough for distribution.


I’ve written before about how during the coronavirus pandemic, hackers have increasingly exploited Windows vulnerabilities to trick people into downloading malware and ransomware to get fast, easy money.

With a recent upsurge of attacks, things are getting worse. And this time around it’s different — people may die from COVID-19 because of the attacks. Hackers are targeting vaccine researchers and manufacturers and the COVID-19 “cold chain” that will be used to keep the vaccine cold enough for distribution around the world.

If those attacks disrupt vaccine delivery, people will die.

In mid-November, Microsoft warned about a wave of Windows attacks against vaccine researchers and manufacturers. In a blog post, the company cautioned: “In recent months, we’ve detected cyberattacks from three nation-state actors targeting seven prominent companies directly involved in researching vaccines and treatments for COVID-19. The targets include leading pharmaceutical companies and vaccine researchers in Canada, France, India, South Korea and the United States. The attacks came from Strontium, an actor originating from Russia, and two actors originating from North Korea that we call Zinc and Cerium.”

The majority of the targets, Microsoft said, were vaccine manufacturers involved in vaccine clinical trials. The attackers used the typical range of techniques against Windows machines, including spear-phishing as well as “password spray and brute force login attempts to steal login credentials.” In the spear-phishing attacks, emails appeared to come from job recruiters and World Health Organization representatives.

Microsoft said most attacks were thwarted. But in some instances, the attacks succeeded. (Microsoft didn’t provide details.) It’s not clear whether the attacks were designed to steal research data, implant ransomware or disrupt research.

A newer wave of attacks since then is even more alarming, because it’s aimed at the distribution of COVID-19 vaccines. IBM uncovered those attacks. The hackers are targeting what IBM describes as “a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.”

IBM says the operation against the cold chain began in September. It’s a phishing attack in which emails purport to be from officials at Haier Biomedical, “the world’s only complete cold chain provider,” according to IBM.

Emails were sent to executives in other companies responsible for a COVID-19 cold chain. If those executives responded to the phishing email, their login credentials were stolen. The New York Times reports: “It is unclear whether the goal is to steal the technology for keeping the vaccines refrigerated in transit or to sabotage the movements.” Even the hint of sabotaging vaccine distribution is horrifying.

One disturbing possibility is that the attacks may directly target specialized refrigerators used to protect the vaccines during transportation and storage. These are not garden-variety refrigerators; they’re expensive, high-tech devices that keep the vaccines at the extremely cold temperatures required for them to remain potent. One such refrigerator uses a Surface tablet and Windows 10 Pro as a kiosk to control it, along with a variety of IoT devices. The refrigerator talks to the cloud using a Raspberry Pi 2 single-board computer running Windows 10 IoT Core Dashboard.

It’s not clear whether this specific refrigerator will be used with the COVID-19 vaccine, but it could well be. If not, there’s a good chance other refrigerators will use Windows. And if hackers are targeting vaccine distribution, they may well use any credentials they’re harvesting now to attack those refrigerators.

Foreign governments may want to disrupt the vaccine supply chain in order to sow chaos in the U.S. or other countries. And cybercriminals would certainly want to use ransomware to hold the supply chain hostage unless they’re paid millions of dollars in ransom.

Particularly worrisome is that many companies involved in the COVID-19 vaccine supply chain, such as trucking companies and refrigerator manufacturers, aren’t necessarily technically sophisticated when it comes to cybersecurity.

Tom Patterson, Chief Trust Officer of Unisys, put it this way in an email: "Refrigerator companies, drug stores, trucking companies, and hospitals need to now be at the same level of cyber defense as the Pentagon. Adversaries looking to monetize attacks against the ecosystem of companies, organizations, and individuals have been emboldened with successful ransomware attacks to date. By being able to hold the delivery of a COVID vaccine hostage, bad actors are betting on huge ransom payouts.”

Microsoft is certainly aware of the problem. So, here’s hoping that the company is doubling down on its outreach to every business in the cold chain to make sure their Windows machines and overall infrastructure are as secure as possible. Because if not, we won’t be facing just a cold, hard winter, but tough times well beyond then. And countless people could die unnecessarily.

Copyright © 2020 IDG Communications, Inc.
